Filing 28

Supplemental Declaration of Dr. Edward Felton by LARRY E. KLAYMAN, CHARLES STRANGE, MARY ANN STRANGE. (jf, )

Download PDF
Case 1:13-cv-03994-WHP Document 68-1 Filed 10/25/13 Page 1 of 7 UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK AMERICAN CIVIL LIBERTIES UNION; AMERICAN CIVIL LIBERTIES UNION FOUNDATION; NEW YORK CIVIL LIBERTIES UNION; and NEW YORK CIVIL LIBERTIES UNION FOUNDATION, Plaintiffs, SUPPLEMENTAL DECLARATION OF PROFESSOR EDWARD W. FELTEN v. JAMES R. CLAPPER, in his official capacity as Director of National Intelligence; KEITH B. ALEXANDER, in his official capacity as Director of the National Security Agency and Chief of the Central Security Service; CHARLES T. HAGEL, in his official capacity as Secretary of Defense; ERIC H. HOLDER, in his official capacity as Attorney General of the United States; and ROBERT S. MUELLER III, in his official capacity as Director of the Federal Bureau of Investigation, Case No. 13-cv-03994 (WHP) ECF CASE Defendants. SUPPLEMENTAL DECLARATION OF PROFESSOR EDWARD W. FELTEN I, Edward W. Felten, declare under penalty of perjury, pursuant to 28 U.S.C. § 1746, that the following is true and correct: 1. Counsel for Plaintiffs in this lawsuit have asked me to submit a supplemental declaration explaining my views regarding four technological claims made by the government in its opposition to Plaintiffs’ motion for a preliminary injunction: a. that the government does not obtain subscriber names under the mass calltracking program, see, e.g., Gov’t PI Opp. 12; b. that so-called “three-hop analysis” of a suspect’s phone number “cannot be as effectively performed” without first building a database of everyone’s call records, see, e.g., Gov’t PI Opp. 4; 1 Case 1:13-cv-03994-WHP Document 68-1 Filed 10/25/13 Page 2 of 7 c. that telephony metadata is unique in its “standardized and inter-connected” nature, see, e.g., Gov’t PI Opp. 21; and d. that it would take the government “approximately six months” to develop a method of quarantining Plaintiffs’ call records if a preliminary injunction were granted, see Gov’t PI Opp. 40. 2. Below, I address those four claims. It is easy to correlate telephone numbers with subscriber names. 3. The government repeatedly emphasizes in its motion that, under the mass call- tracking program, it does not obtain the subscriber names associated with Americans’ telephone numbers. This may be true, but it is of little significance. As I explained in my first declaration, Felten Decl. ¶ 19 & n.14, it would be trivial for the government to obtain a subscriber’s name once it has that subscriber’s phone number. This is so because phone numbers are unique identifiers. Like social security numbers or individual taxpayer identification numbers, phone numbers are unique to their owners. 4. It is extraordinarily easy to correlate a phone number with its unique owner. Many phone numbers are publicly correlated with their owners and can therefore be associated with specific persons by consulting entirely public sources. For example, many free or low-cost Internet services allow users to perform “reverse-lookup searches” to determine the owner of a particular phone number. See, e.g., http://www.whitepages.com; http://www.peoplefinders.com/reverse-phone-directory. Of course, physical phone directories remain in wide circulation and have been digitized to facilitate reverse-lookup searches. 5. The government also has an array of legal authorities at its disposal to discover the subscriber names of particular phone numbers, even if those correlations are not otherwise publicly available. For example, the government may issue demands to communication service 2 Case 1:13-cv-03994-WHP Document 68-1 Filed 10/25/13 Page 3 of 7 providers for subscriber information—including subscriber names and addresses—relevant to terrorism investigations. See Felten Decl. ¶ 19 n.14. Three-hop analysis can be performed without a database of all call records. 6. The government states that it could not perform three-hop analysis on a suspect’s phone number without first building a database of everyone’s call records. See Gov’t PI Opp. 4. This is technologically incorrect. There are a number of ways in which the government could perform three-hop analysis without first building its own database of every American’s call records. 7. For example, the government could obtain a single court order directing all (or perhaps even just the major) telephone companies to provide to the government the call records of everyone within three hops of a suspect’s phone number. Using a straightforward algorithm (which I could describe at greater length if necessary), this order could be implemented using at most two queries to each telephone provider. Moreover, this process could easily be automated to make it virtually instantaneous. Each of the major telephone companies now subject to an order similar to the one revealed in June could create a simple electronic interface—known in the computer-programming profession as an Application Programming Interface, or API—that would be invoked by a government computer system to automate the collection of the data needed for a three-hop analysis of a specific target’s phone number. The interfaces, working together to implement the algorithm referred to above, could perform the government’s threehop analysis essentially instantaneously—in a matter of seconds or less. At least one of the major telecommunications companies has already built part of such a system, providing the government with a “community of interest” search capability, which is a form of the social-graph analysis used in the mass call-tracking program. See Dep’t of Justice, Office of the Inspector 3 Case 1:13-cv-03994-WHP Document 68-1 Filed 10/25/13 Page 4 of 7 Gen., A Review of the Federal Bureau of Investigation’s Use of Exigent Letters and Other Informal Requests for Telephone Records 56–64 (2010), http://www.justice.gov/oig/special/s1001r.pdf; Eric Lichtblau, F.B.I. Data Mining Reached Beyond Initial Targets, N.Y. Times, Sept. 9, 2007, http://nyti.ms/g34M. 8. I have reviewed the declarations submitted by Teresa Shea and Robert Holley in support of the government’s claim that the collection of all Americans’ call records is necessary. Nothing in their explanation of the supposed necessity of the program alters my conclusion that three-hop analysis could be performed quickly and efficiently without first creating a database of the scope maintained by the government. For example, Ms. Shea suggests that the mass calltracking program would have allowed the government to learn that a 9/11 hijacker (Khalid alMihdhar) was in the United States when he communicated with an al Qaeda safe house in Yemen. Shea Decl. ¶ 11. There is absolutely no need for a database of every American’s call records to perform this sort of one-hop analysis. In al-Mihdar’s case, the government could easily have obtained from the telephone companies (using any number of legal authorities) the call records of any American in communication with the al Qaeda safehouse. The same is true of the example provided by Mr. Holley of Najibullah Zazi. See Holley Decl. ¶ 26. Mr. Holley states that the NSA received Zazi’s telephone number from the FBI and discovered that he was in contact with Adis Medunjanin. Again, this simple connection could have been discovered directly from the telephone companies without the need for a government database of all call records. As I explained above, though, even if these cases involved more complex connections with two or three degrees of separation, there still would be no need for the mass call-tracking program to allow the government to discover the connections. 4 Case 1:13-cv-03994-WHP Document 68-1 Filed 10/25/13 Page 5 of 7 Telephony metadata is not unique. 9. The government argues that telephony metadata is unique in that it is “standardized and inter-connected,” and that these characteristics are “not common to most other types of records.” Gov’t PI Opp. 21. This suggestion is misleading. 10. As I explained in my first declaration, Felten Decl. ¶ 20, telephony metadata is easy to analyze because it is “structured,” or highly ordered. This fact is not unique, however, to telephony metadata. Many other types of data are also structured and are therefore also easy to analyze in the aggregate. 11. Virtually every type of digital communications metadata is structured. This includes, but is by no means limited to, email metadata, Internet-usage history, and Internet chat records. Many other types of records are also structured, including financial records, credit-card records, and even portions of medical records. This is no coincidence: industry experts often develop and agree upon a standardized form for the structure of metadata or transactional data. 12. Most of these sorts of structured records are interconnected. Communications metadata are interconnected in a fairly obvious manner. But the same is true of financial and medical records. For example, prescription records memorialize the identity of the doctor, the identity of the patient, and the medicine prescribed. In a Medicare-fraud investigation, it would be possible to use prescription records to conduct a social-graph analysis, see Felten Decl. ¶ 48 (explaining social graphs), of a particular doctor’s prescriptions. The analysis might reveal connections between several doctors’ prescription habits, their overlapping patients, their connections to other doctors known to engage in fraudulent practices, or divergences between their prescription habits and the prescription habits of other doctors. See, e.g., The Rise of Organized Crime in Health Care: Social Network Analytics Uncover Hidden and Complex Fraud 5 Case 1:13-cv-03994-WHP Document 68-1 Schemes, Filed 10/25/13 Page 6 of 7 available at http://www.writersstudio.com/samples/whitepapers/Lexis%20Nexis%20social%20network%20a nalytics.pdf. 13. The same sort of social-graph analysis could be applied to financial or credit-card records to uncover organized crime or fraud, because those records are also interconnected. A money-laundering investigation, for instance, could benefit from the ability to trace funds transferred from their source through a series of sham transactions and ultimately back to the original account or owner, in order to make those funds appear “clean.” It would be feasible to quarantine the ACLU’s call records. 14. The government states that it would take “approximately six months,” Gov’t PI Opp. 40, to devise a way in which to quarantine the ACLU’s call records if the ACLU’s request for a preliminary injunction were granted. This is an implausible estimate for the time necessary to develop the software to quarantine the ACLU’s call records. 15. There are a number of ways that the government could efficiently and effectively quarantine the ACLU’s call records. For example, the NSA could deploy an automated script that would search its database for the ACLU’s call records and move those records to another database that would not be accessed except at the direction of the Court. It could also apply a filter to its three-hop analysis such that any call to or from an ACLU number would be ignored (as would any other call down the chain from any such call). Indeed, it appears that the NSA already has the ability to filter its three-hop analysis to exclude certain phone numbers. See, e.g., David S. Kris, On the Bulk Collection of Tangible Things, 1:4 Lawfare Res. Pap. Ser. 1, 13–14 (Sept. 29, 2013) (“NSA technicians may access the metadata to make the data more useable— e.g., to create a ‘defeat list’ to block contact chaining through ‘high volume identifiers’ 6 Case 1:13-cv-03994-WHP Document 68-1 Filed 10/25/13 Page 7 of 7 presumably associated with telemarketing or similar activity." (quoting orders of the Foreign Intelligence Surveillance Court)). 16. Both of these solutions are relatively simple from a technological perspective, and it is difficult to understand how either could take significant resources to implement, much less the six months estimated by the government. Dated: October 25, 2013 7

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.

Why Is My Information Online?